Joseph Tam <jtam.home@gmail.com> writes:
Michael Welsh Duggan writes:
All the files in my Maildir are owned by md5i:mail (I am md5i), and have 660 permissions. All directories have the same user:group permissions, and 770 with the setgid bit set. (That last may not be necessary, but ...
doveadm(md5i): Error: fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock, group=8(mail)) failed: Operation not permitted (egid=1000(md5i), group based on /home/md5i/Maildir/.mail.test - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
After this, each directory has a dovecot.index.log with md5i:md5i 600 permissions.
I think the cause is clear enough: you (user=md5i/uid=1000) are not part of group mail (gid=8), so the dovecot user process doing things on your behalf cannot create index files that are analogous to the mailbox it's indexing.
You can either
1) add "md5i" to group mail
2) remove g+w permission on your mail files (making group membership irrelevant)
3) fiddle with "mail_privileged_group = mail", but I'm a little hazy on all the ramifications of this.
I don't know your particular circumstances, so I don't know which is best. If (big if) nothing on your system (particularly the MTA) requires access to your mail spool files by running as group=mail, probably 2) is your best option.
Thank you. 2) did the trick, and I think I understand how this works now.
-- Michael Welsh Duggan (md5i@md5i.com)
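
An added example, not part of the thread and not Dovecot code: a Python check that walks a Maildir and lists every file and directory that is group-writable while owned by a group the current user does not belong to, which is the condition behind the fchown error above, plus a helper that applies option 2. The function names and the g+w heuristic are assumptions taken from the thread's description, not Dovecot's exact permission logic.

```python
import os
import stat


def chgrp_risks(root, member_gids=None):
    """Return [(path, gid, mode)] for entries under root that are
    group-writable but owned by a group the user is not a member of.

    member_gids defaults to the calling process's groups; pass a set
    explicitly to evaluate another account (hypothetical parameter).
    """
    if member_gids is None:
        member_gids = set(os.getgroups()) | {os.getegid()}
    risks = []
    for dirpath, _dirnames, filenames in os.walk(root):
        # Check the directory itself, then the files it contains.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful here
            if st.st_gid not in member_gids and st.st_mode & stat.S_IWGRP:
                risks.append((path, st.st_gid, stat.S_IMODE(st.st_mode)))
    return risks


def drop_group_write(paths):
    """Option 2 from the thread: the equivalent of chmod g-w on each path."""
    for path in paths:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~stat.S_IWGRP)


if __name__ == "__main__":
    import sys

    # Usage: python check_maildir.py ~/Maildir   (script name is arbitrary)
    for path, gid, mode in chgrp_risks(sys.argv[1]):
        print(f"{path}: gid={gid} mode={mode:o}")
```

Only apply `drop_group_write` after confirming that nothing else on the system, such as the MTA, needs group write access to those files.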